Documentation | Flowtriq DDoS Detection API & Agent Setup

Agent API Reference

These endpoints are used by the FTAgent running on your server. They authenticate with two headers:

```
Authorization: Bearer your-node-api-key
X-Node-UUID: your-node-uuid
```

Base URL: https://flowtriq.com/api/v1/agent

Heartbeat

POST /v1/agent/heartbeat

Sent every 30 seconds to indicate the agent is online. Updates last_seen_at and status.

| Parameter | Type | Description |
| --- | --- | --- |
| agent_version | string | Current agent version |
| uptime | integer | Agent uptime in seconds |
| os | string | OS identifier (e.g., "Ubuntu 22.04") |

Submit Metrics

POST /v1/agent/metrics

Submits PPS/BPS samples. The agent sends one batch per second.

| Parameter | Type | Description |
| --- | --- | --- |
| pps* | integer | Packets per second |
| bps* | integer | Bits per second |
| tcp_pct | float | TCP percentage (0-100) |
| udp_pct | float | UDP percentage (0-100) |
| icmp_pct | float | ICMP percentage (0-100) |
| conn_count | integer | Active connections |
| recorded_at | string | ISO 8601 timestamp |

Report Incident

POST /v1/agent/incident

Opens or updates an incident when the agent detects an attack threshold crossing.

| Parameter | Type | Description |
| --- | --- | --- |
| attack_family* | string | Detected family: udp_flood, syn_flood, http_flood, icmp_flood, dns_flood, multi_vector, unknown |
| severity* | string | low, medium, high, critical |
| peak_pps | integer | Peak packets/sec observed |
| peak_bps | integer | Peak bits/sec observed |
| protocol_breakdown | object | {"tcp": 15.2, "udp": 82.1, "icmp": 2.7} |
| tcp_flag_breakdown | object | {"SYN": 1200, "ACK": 400, "RST": 50} |
| geo_breakdown | object | {"US": 4200, "CN": 1800, "RU": 920} |
| source_ip_count | integer | Unique source IPs |
| top_src_ips | array | [{"ip": "1.2.3.4", "count": 5000}, ...] |
| top_dst_ports | array | [{"port": 80, "count": 12000}, ...] |
| ioc_matches | array | Matched IOC patterns |
| spoofing_detected | boolean | TTL analysis indicates spoofed sources |
| botnet_detected | boolean | Traffic pattern matches known botnet signatures |

Upload PCAP

POST /v1/agent/pcap

Uploads a PCAP capture file for an incident. Multipart form upload, max 100 MB.

| Parameter | Type | Description |
| --- | --- | --- |
| incident_id* | integer | Associated incident ID |
| file* | file | PCAP file (multipart upload) |

Get Config

GET /v1/agent/config

Returns the node's remote config including IOC patterns, thresholds, and pending commands.

```
// Response 200
{
  "node_id": 1,
  "pps_threshold": 50000,
  "baseline": { "p99_pps": 12000, "mean_pps": 3400 },
  "ioc_patterns": [...],
  "pending_commands": [
    { "id": 5, "command": "iptables -I INPUT -s 1.2.3.4 -j DROP" }
  ]
}
```
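
Because the config response carries shell command strings in pending_commands, a client that consumes it needs to decide what it is willing to run. The following is an added example, not Flowtriq's agent code: it vets each entry against the one command shape shown in the response above. The allowlisted shape, the /24 minimum prefix, and the sample entries with ids 6 and 7 are assumptions made for illustration.

```python
import ipaddress
import json
import shlex

# Constructed sample modelled on the response above; ids 6 and 7 are made up.
SAMPLE_CONFIG = json.loads("""
{"node_id": 1, "pps_threshold": 50000, "pending_commands": [
  {"id": 5, "command": "iptables -I INPUT -s 1.2.3.4 -j DROP"},
  {"id": 6, "command": "iptables -I INPUT -s 1.2.3.4 -j DROP; reboot"},
  {"id": 7, "command": "iptables -I INPUT -s 0.0.0.0/0 -j DROP"}
]}
""")
MIN_PREFIX = 24  # assumed local policy: never block anything wider than a /24

def vet_command(command):
    """Return an argv list for an allowed source-IP DROP rule, else None."""
    if not isinstance(command, str):
        return None
    try:
        argv = shlex.split(command)  # tokenise only; nothing is run here
    except ValueError:  # unbalanced quotes
        return None
    # Accept exactly: iptables -I INPUT -s <source> -j DROP
    shape = argv[:4] == ["iptables", "-I", "INPUT", "-s"] and argv[5:] == ["-j", "DROP"]
    if len(argv) != 7 or not shape:
        return None
    try:
        net = ipaddress.ip_network(argv[4], strict=True)
    except ValueError:  # not an address or CIDR block
        return None
    if net.version != 4 or net.prefixlen < MIN_PREFIX:
        return None
    return argv

def vet_config(config):
    """Split pending_commands into accepted (id, argv) pairs and rejected ids."""
    accepted, rejected = [], []
    for item in config.get("pending_commands", []):
        argv = vet_command(item.get("command"))
        if argv is None:
            rejected.append(item.get("id"))
        else:
            accepted.append((item.get("id"), argv))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = vet_config(SAMPLE_CONFIG)
    print("accepted:", ok, "rejected ids:", bad)
```

Accepted entries are argv lists, so they can be passed to subprocess.run without shell=True. Rejected ids are worth logging, since they did not match anything the node expected to receive.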